DOCSLIB.ORG

Recent Results on Classifying Risk-Based Testing Approaches

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Recent Results on Classifying Risk-Based Testing Approaches Recent Results on Classifying Risk-Based Testing Approaches Michael Felderer University of Innsbruck, Austria J¨urgenGroßmann Fraunhofer FOKUS, Germany Ina Schieferdecker Fraunhofer FOKUS & TU Berlin, Germany Abstract In order to optimize the usage of testing efforts and to assess risks of software- based systems, risk-based testing uses risk (re-)assessments to steer all phases in a test process. Several risk-based testing approaches have been proposed in academia and/or applied in industry, so that the determination of principal concepts and methods in risk-based testing is needed to enable a comparison of the weaknesses and strengths of different risk-based testing approaches. In this chapter we provide an (updated) taxonomy of risk-based testing aligned with risk considerations in all phases of a test process. It consists of three top-level classes, i.e., contextual setup, risk assessment, and risk-based test strategy. This taxonomy provides a framework to understand, categorize, assess and compare risk-based testing approaches to support their selection and tailoring for specific purposes. Furthermore, we position four recent risk-based testing approaches into the taxonomy in order to demonstrate its application and alignment with available risk-based testing approaches. arXiv:1801.06812v1 [cs.SE] 21 Jan 2018 1 Introduction Testing of safety-critical, security-critical or mission-critical software faces the problem of determining those tests that assure the essential properties of the software and have the ability to unveil those software failures that harm the critical functions of the software. However, also for "normal" less critical software a comparable problem exists: Usually testing has to be done under severe pressure due to limited resources and tight time constraints with the consequence that testing efforts have to be focused and be driven by business risks. Both decision problems can adequately be addressed by risk-based testing which consider risks of the software product as the guiding factor to steer all phases of a test process, i.e., test planning, design, implementation, execution, and evaluation [1, 2, 3]. 1 Risk-based testing is a pragmatic, in companies of all sizes widely used approach [4, 5] which uses the straightforward idea to focus test activities on those scenarios that trigger the most critical situations of a software system [6]. Recently, the international standard ISO/IEC/IEEE 29119 Software Testing [7] on testing techniques, processes, and documentation even explicitly specifies risk consid- erations to be an integral part of the test planning process. Because of the growing number of available risk-based testing approaches and its increasing dissemination in industrial test processes [8], methodological support to categorize, assess, compare, and select risk-based testing approaches is required. In this paper, we present an (updated) taxonomy of risk-based testing that pro- vides a framework for understanding, categorizing, assessing, and comparing risk-based testing approaches and that supports the selection and tailoring of risk-based testing approaches for specific purposes. To demonstrate the application of the taxonomy and its alignment with available risk-based testing approaches, we position four recent risk-based testing approaches, i.e., the RASEN approach [9], the SmartTesting ap- proach [10], risk-based test case prioritization based on the notion of risk exposure [11] as well as risk-based testing of open source software [12], in the taxonomy. A taxonomy defines a hierarchy of classes (also referred to as categories, dimen- sions, criteria or characteristics) to categorize things and concepts. It describes a tree structure whose leaves define concrete values to characterize instances in the taxon- omy. The proposed taxonomy is aligned with the consideration of risks in all phases of the test process and consists of the top-level classes context (with subclasses risk driver, quality property, and risk item), risk assessment (with subclasses factor, esti- mation technique, scale, and degree of automation), and risk-based test strategy (with subclasses risk-based test planning, risk-based test design & implementation, and risk- based test execution & evaluation). The taxonomy presented in this chapter extends and refines our previous taxonomy of risk-based testing [3]. The remainder of this chapter is structured as follows. Section 2 presents back- ground on software testing and risk management. Section 3 introduces the taxonomy of risk-based testing. Section 4 presents the selected four recent risk-based testing approaches and discusses them in the context of the taxonomy. Finally, Section 5 summarizes this chapter. 2 Background on Software Testing and Risk Management Software testing [13] is the process consisting of all lifecycle activities, both static and dynamic, concerned with planning, preparation and evaluation of software products and related work products to determine that they satisfy specified requirements, to demonstrate that they are fit for purpose and to detect defects. According to this definition it comprises static activities like reviews but also dynamic activities like classic black or white box testing. The tested software-based system is called system under test (SUT). As highlighted before, risk-based testing (RBT) is a testing approach which considers risks of the software product as the guiding factor to support decisions in all phases of the test process [1, 2, 3]. A risk is a factor that could result in future negative consequences and is usually expressed by its likelihood and impact [13]. In 2 software testing, the likelihood is typically determined by the probability that a failure assigned to a risk occurs, and the impact is determined by the cost or severity of a failure if it occurs in operation. The resulting risk value or risk exposure is assigned to a risk item. In the context of testing, a risk item is anything of value (i.e., an asset) under test, for instance, a requirement, a component or a fault. RBT is a testing-based approach to risk management which can only deliver its full potential if a test process is in place and if risk assessment is integrated appropriately into it. A test process consists of the core activities test planning, test design, test implementation, test execution, and test evaluation [13] (see Figure 1). In the following, we explain the particular activities and associated concepts in more detail. Test Planning Test Design Test Implementation Test Execution Test Evaluation Figure 1: Core test process steps According to [7] and [13], test planning is the activity of establishing or updating a test plan. A test plan is a document describing the scope, approach, resources, and schedule of intended test activities. It identifies, amongst others, objectives, the features to be tested, the test design techniques, and exit criteria to be used and the rationale of their choice. Test objectives are reason or purpose for designing and executing a test. The reason is either to check the functional behavior of the system or its non-functional properties. Functional testing is concerned with assessing the functional behavior of an SUT, whereas non-functional testing aims at assessing non- functional requirements such as security, safety, reliability or performance. The scope of the features to be tested can be components, integration or system. At the scope of component testing (also referred to as unit testing), the smallest testable component, e.g., a class, is tested in isolation. Integration testing combines components with each other and tests those as a subsystem, that is, not yet a complete system. In system testing, the complete system, including all subsystems, is tested. Regression testing is the selective retesting of a system or its components to verify that modifications have not caused unintended effects and that the system or the components still comply with the specified requirements [14]. Exit criteria are conditions for permitting a process 3 to be officially completed. They are used to report against and to plan when to stop testing. Coverage criteria aligned with the tested feature types and the applied test design techniques are typical exit criteria. Once the test plan has been established, test control begins. It is an ongoing activity in which the actual progress is compared against the plan which often results in concrete measures. During the test design phase the general testing objectives defined in the test plan are transformed into tangible test conditions and abstract test cases. Test implementation comprises tasks to make the abstract test cases executable. This includes tasks like preparing test harnesses and test data, providing logging support or writing test scripts which are necessary to enable the automated execution of test cases. In the test execution phase, the test cases are then executed and all relevant details of the execution are logged and monitored. Finally, in the test evaluation phase the exit criteria are evaluated and the logged test results are summarized in a test report. Risk management comprises the core activities risk identification, risk analysis, risk treatment, and risk monitoring [15, 16]. In the risk identification phase, risk items are identified. In the risk analysis phase, the likelihood and impact of risk items and, hence, the risk exposure is estimated. Based on the risk exposure values, the risk items may be prioritized and assigned to risk levels defining a risk classification.
Load more

Recommended publications
  • Leading Practice: Test Strategy and Approach in Agile Projects
    CA SERVICES | LEADING PRACTICE Leading Practice: Test Strategy and Approach in Agile Projects Abstract This document provides best practices on how to strategize testing CA Project and Portfolio Management (CA PPM) in an agile project. The document does not include specific test cases; the list of test cases and steps for each test case are provided in a separate document. This document should be used by the agile project team that is planning the testing activities, and by end users who perform user acceptance testing (UAT). Concepts Concept Description Test Approach Defines testing strategy, roles and responsibilities of various team members, and test types. Testing Environments Outlines which testing is carried out in which environment. Testing Automation and Tools Addresses test management and automation tools required for test execution. Risk Analysis Defines the approach for risk identification and plans to mitigate risks as well as a contingency plan. Test Planning and Execution Defines the approach to plan the test cases, test scripts, and execution. Review and Approval Lists individuals who should review, approve and sign off on test results. Test Approach The test approach defines testing strategy, roles and responsibilities of various team members, and the test types. The first step is to define the testing strategy. It should describe how and when the testing will be conducted, who will do the testing, the type of testing being conducted, features being tested, environment(s) where the testing takes place, what testing tools are used, and how are defects tracked and managed. The testing strategy should be prepared by the agile core team.
    [Show full text]
  • Infotek Solutions Inc
    Infotek Solutions Inc. Test Strategy Test Strategy is summarize or outline which describes the approach of software development cycle. Or The test levels to be performed in testing and the description of testing activities within those test levels are known as test strategy. It is created to inform project managers, testers and developers about some key points of testing process. Strategy also includes testing objective, methods to testing new functions, time and resource what will be used in project and testing environment. Test strategies describe how to mitigate the product risk at test level, which of types of test are to be performed in testing and which entry and exit criteria apply. Different Testing strategies may be adopted depending on the type of system to be test and the development process used. In this document we are going to discuss testing strategies on two different types of software testing. 1. Conventional Software 2. Object Oriented Software(OO software) Conventional Software Testing: It is traditional approach. It takes place mostly when water fall life cycle is used for development. Conventional software Testing focuses more on decomposition. Conventional software testing always takes place during the test phase of life cycle, which usually follows the development phase and proceeds the implementation phase. During the conventional testing phase, Three types of testing will be conducted 1. System Testing 2. Integration Testing 3. Unit Testing Object Oriented Software Testing: Using Object Oriented design or design along with Agile development methodology leads to Object Oriented Software Testing. Object Oriented testing is done having emphasis on Composition.
    [Show full text]
  • Agile Test Automation Strategy, V2.Pptx
    MJ Half-day Tutorials 10/3/16 13:00 Test Automation Strategies for the Agile World Presented by: Bob Galen Velocity Partners Brought to you by: 350 Corporate Way, Suite 400, Orange Park, FL 32073 888---268---8770 ·· 904---278---0524 - [email protected] - http://www.starwest.techwell.com/ Bob Galen Velocity Partners An agile methodologist, practitioner, and coach, Bob Galen ([email protected]) helps guide companies in their adoption of Scrum and other agile methodologies and practices. Bob is a principal agile evangelist at Velocity Partners; president of RGCG; and frequent speaker on software development, project management, software testing, and team leadership. He is a Certified Scrum Coach, Certified Scrum Product Owner, and an active member of the Agile and Scrum Alliances. Bob published Scrum Product Ownership–Balancing Value from the Inside Out. Test Automation Strategies for the Agile World Bob Galen President & Principal Consultant RGCG, LLC [email protected] Introduction Bob Galen n Independent Agile Coach (CEC) at RGCG, LLC n Director, Agile Practices at n Somewhere ‘north’ of 30 years overall experience J n Wide variety of technical stacks and business domains n Developer first, then Project Management / Leadership, then Testing n Senior/Executive software development leadership for 20+ years n Practicing formal agility since 2000 n XP, Lean, Scrum, and Kanban experience n From Cary, North Carolina Bias Disclaimer: Agile is THE BEST Methodology for Software Development… However, NOT a Silver Bullet! Copyright © 2016 RGCG, LLC 2 1 Outline n Traditional Automation – Business Case & ROI n 3-Pillars n Agile Test Automation Pyramid n Agile Automation – Business Case & ROI n Implementation Strategy n Communication n Wrap-up Copyright © 2016 RGCG, LLC 3 Let’s start with… Traditional Automation Strategy n What are your current strategies towards: q Test Automation q Frameworks q Tooling q Maintenance q ROI q Team structure n Get together in “pairs” and chat about this for 20 minutes.
    [Show full text]
  • Beginners Guide to Software Testing
    Beginners Guide To Software Testing Beginners Guide To Software Testing - Padmini C Page 1 Beginners Guide To Software Testing Table of Contents: 1. Overview ........................................................................................................ 5 The Big Picture ............................................................................................... 5 What is software? Why should it be tested? ................................................. 6 What is Quality? How important is it? ........................................................... 6 What exactly does a software tester do? ...................................................... 7 What makes a good tester? ........................................................................... 8 Guidelines for new testers ............................................................................. 9 2. Introduction .................................................................................................. 11 Software Life Cycle ....................................................................................... 11 Various Life Cycle Models ............................................................................ 12 Software Testing Life Cycle .......................................................................... 13 What is a bug? Why do bugs occur? ............................................................ 15 Bug Life Cycle ............................................................................................... 16 Cost of fixing bugs .......................................................................................
    [Show full text]
  • Test Plan and Test Strategy Document
    Test Plan And Test Strategy Document Aamir never admixes any saccharoses untuned ava, is Adlai clever and heteronomous enough? Minute DomenicoDionysus fables concenter his dissemblances quite unexceptionably unbent unadvisedly. but osculating Bold her Tedd cline stillmysteriously. hurtled: ungenuine and sizzling What is a test strategy? The Test Strategy may also describe the test levels to be carried out and it should give guidance on the entry and exit criteria for each level, but also on the relationships among levels. Verify if the login button is displaying or not. This picture will show whenever you leave a comment. Your PDF request was successfully submitted. While testing software projects, certain test cases will be treated as the most important ones, and if they fail the product cannot be released. Standards must be tailored to meet your needs. We were unable to process your PDF request. This data must be available to the test leader and the project manager, along with all the team members, in a central location. It should also list steps taken to mitigate any risks that arise from skipping regression testing, like releasing a maintenance patch after two weeks. The fundamental difference between test strategy and test plan is their scope. In my career, I have mostly operated without written test plans. The product and principles of defects in the activities and pass and test plan is to prepare a detailed and. Go into as much detail as possible. Sorry, your blog cannot share posts by email. Proper and effective documentation work plays a vital role in carrying out any sort of process, either development or testing in an efficient manner for its success.
    [Show full text]
  • An Automated Testing Strategy for Efficient Use in the Consultancy
    Master Thesis Software Engineering Thesis no: MSE-2007:18 June 2007 An automated testing strategy targeted for efficient use in the consulting domain Teddie Stenvi School of Engineering Blekinge Institute of Technology Box 520 SE – 372 25 Ronneby Sweden This thesis is submitted to the School of Engineering at Blekinge Institute of Technology in Master Thesis partial fulfillment of the requirements for the degree of Master of Science in Software Software Engineering Engineering. The thesis is equivalent to 20 weeks of full time studies. Thesis no: MSE-2007-xx Month Year Contact Information: Author(s): Teddie Stenvi Address: Jaktstigen 18 22652 Lund E-mail: [email protected] External advisor(s): Per Sigurdson Testway AB Address: Hans Michelsengatan 9 211 20 Malmö University advisor(s): Dr. Robert Feldt Department of Systems and Software Engineering School of Engineering Internet : www.bth.se/tek School of Engineering Blekinge Institute of Technology Phone : +46 457 38 50 00 Blekinge Institute of Technology Box 520 Fax : + 46 457 271 25 Box 520 SE – 372 25 Ronneby SE – 372 25 Ronneby Sweden Sweden ii ABSTRACT Test automation can decrease release cycle time for software systems compared to manual test execution. Manual test execution is also considered inefficient and error-prone. However, few companies have gotten far within the field of test automation. This thesis investigates how testing and test automation is conducted in a test consulting setting. It has been recognized that low test process maturity is common in customer projects and this has led to equally low system testability and stability. The study started with a literature survey which summarized the current state within the field of automated testing.
    [Show full text]
  • Enterprise Test Strategy Just for an Enterprise Project Release? CHICAGO April 18Th — April 22Th Renaissance Hotel 1 West Wacker Drive Chicago IL 60601
    Isn’t an Enterprise Test Strategy just for an Enterprise Project Release? CHICAGO April 18th — April 22th Renaissance Hotel 1 West Wacker Drive Chicago IL 60601 Speaker(s): Susan Schanta When: April 22, 2016 Company: Cognizant Technology Solutions Time: 10:00 am - 11:00 am 04/22/16 Isn’t an Enterprise Test Strategy just for an Enterprise Project Release? Susan Schanta, Director © 2015 Cognizant 1 © 2015 Cognizant Why do I need an Enterprise Test Strategy? Why do I need an Enterprise Test Strategy? Because quality can’t be tested into the product… We need a shared vision to achieve quality… What is the Challenge We’re Solving for? . Lack of shared understanding regarding the role of the Quality organization − We pay a lot for QA, why isn’t quality better? − Why do we need QA so early in the lifecycle? − QA just tests at the end, right? − Why does it take QA so long to test? . How do I change our persona from a Testing Department to a Quality Center of Excellence − Does the organization understand QA’s role in the software development lifecycle? − Have I set expectations for how and when project stakeholders should engage QA? − How can I establish a collaborative relationship where cross-functional teams understand the interdependencies between their work product and the QA work product? 2 © 2015 Cognizant What is an Enterprise Strategy? The Enterprise Test Strategy establishes a framework for how the QA organization operates and interacts with project team members. When collaboratively developed with Project Management, Business Analysts and Development, the Enterprise Test Strategy provides a foundation for how the organization will build quality into product releases while reducing the cost of quality.
    [Show full text]
  • Reframing the Test Pyramid for Digitally Transformed Organizations
    Reframing the Test Pyramid for Digitally Transformed Organizations Nicole Radziwill & Graham Freeman Abstract: The test pyramid is a conceptual model that describes how quality checks can be ​ organized to ensure coverage of all components of a system, at all scales. Originally conceived to help aerospace engineers plan tests to determine how material changes impact system integrity, the concept was gradually introduced into software engineering. Today, the test pyramid is typically used to illustrate that the majority of tests should be performed at the lowest (unit test) level, with fewer integration tests, and even fewer acceptance tests (which are the most expensive to produce, and the slowest to execute). Although the value of acceptance tests and integration tests increasingly depends on the integrity of the underlying data, models, and pipelines, software development and data management organizations have traditionally been siloed and quality assurance practice is not as mature in data operations as it is for software. Companies that close this gap by developing cross-organizational systems will create new competitive advantage and differentiation. By taking a more holistic view of testing that crosses these boundaries, practitioners can help their organizations close the gap. Keywords: Software testing, test pyramid, automation, test automation, data testing, Industry 4.0 ​ Introduction In 2016, research firm Forrester identified the “insights-driven business” as a new type of company that is emerging during the age of digital innovation. (Fenty, 2016) These firms develop strategic insights using data science and software supported by closed-loop systems, which creates significant differentiation and competitive advantage. Forrester found that by supporting data science efforts with larger budgets and platforms (that serve to unify technology and infrastructure for knowledge management and collaboration), insight-driven businesses were twice as likely to achieve market-leading positions in their industries than technology ​ ​ laggards.
    [Show full text]
  • D7.1 Test and Integration Plan
    Management Of Networked IoT Wearables – Very Large Scale Demonstration of Cultural Societal Applications (Grant Agreement No 732350) D7.1 Test and Integration Plan Date: 2017-08-31 Version 1.0 Published by the MONICA Consortium Dissemination Level: Public Co-funded by the European Union’s Horizon 2020 Framework Programme for Research and Innovation under Grant Agreement No 732350 D7.1 Test and Integration Plan Document control page Document file: D7.1 Test and Integration Plan v1.0.docx Document version: 1.0 Document owner: ATOS Work package: WP7 – Components & Cloud Integration Task: T7.1 – Continuous Integration and Support Deliverable type: R Document status: Approved by the document owner for internal review Approved for submission to the EC Document history: Version Author(s) Date Summary of changes made 0.1 Jan Benadik (ATOS) 2017-03-17 Initial version 0.11 Jan Benadik (ATOS) 2017-04-03 Short description of possible tools added 0.12 Jan Benadik (ATOS) 2017-04-11 Some parts of environment description added 0.14 Jan Benadik (ATOS) 2017-06-09 Reworked structure, some details added. minor text corrections 0.15 Jan Benadik (ATOS) 2017-06-19 Test definitions added, test tools added 0.16 Jan Benadik (ATOS) 2017-07-06 LinkSmart modules specifications added SCRAL specifications added OneM2M specifications added 0.17 Jan Benadik (ATOS) 2017-07-07 JMeter description added SoapUI description added 0.18 Jan Badinsky (ATOS) 2017-07-12 Reworked structure 0.20 Robert Najsel (ATOS) 2017-07-12 Software quality added 0.21 Jan Badinsky (ATOS) 2017-07-14 IoT Testing added 0.22 Jan Benadik (ATOS) 2017-07-26 Version for first internal review 0.23 Jan Benadik (ATOS) 2017-08-14 Rewritten into new version of MONICA deliverable template – no content changes 0.39 Jan Badinsky, Jan Benadik 2017-08-31 Reworked based on review recommendations (ATOS), Peeter Kool (CNET) 1.0 Jan Benadik (ATOS) 2017-08-31 Final version submitted to the European Commission Internal review history: Reviewed by Date Summary of comments Arjen Schoneveld (DEXELS) 2017-08-31 Approved.
    [Show full text]
  • Journal of Science Planning Activities in Software Testing Process
    Review Article GU J Sci 31(3): 801-819 (2018) Gazi University Journal of Science http://dergipark.gov.tr/gujs Planning Activities in Software Testing Process: A Literature Review and Suggestions for Future Research M. Hanefi CALP1,*, Utku KOSE2 1Software Engineering, Of Technology Faculty, Karadeniz Technical University, Trabzon, Turkey 2Computer Engineering, Faculty of Engineering, Suleyman Demirel University, Isparta, Turkey Article Info Abstract Software testing process consists of activities that implemented after it is planned and including Received: 05/03/2018 to document related testing activities. Test processes must be applied necessarily for able to Accepted: 08/05/2018 clearly see the quality of software, the degree of reliability, whether it is ready for delivery, the degree of effectiveness and remains of how much testing. One of the most important phase of these processes is test planning activities. Test planning activities directly affects the project's Keywords success in software projects. In this study, software testing process, and test planning activities Software testing carried out in this process was first clearly demonstrated by the literature review. Later, a basic Testing process software testing process and test planning process were determined and explained step by step. Test planning In this way, it was aimed to give a different and deep perspective to the test planning activities Test reporting and to raise awareness on the topic. As a result of the research, it was seen that the test planning activities are not applied adequately at present, software testers, experts or researchers do not have enough knowledge about the details of the method, and this situation causes very serious negative results in the delivery and cost in software projects.
    [Show full text]
  • Test-Plan-Template-05.Pdf
    Table of Contents 1 INTRODUCTION .......................................................................................... 2 2 SCOPE ............................................................................................................ 2 3 QUALITY OBJECTIVES .............................................................................. 3 3.1 Primary Objectives ................................................................................... 3 3.2 Secondary Objectives ............................................................................... 3 4 TEST APPROACH ........................................................................................ 3 4.1 Test Automation ....................................................................................... 4 5 ROLES AND RESPONSIBILITIES .............................................................. 4 6 ENTRY AND EXIT CRITERIA ................................................................... 5 6.1 Entry Criteria ............................................................................................ 5 6.2 Exit Criteria .............................................................................................. 5 7 SUSPENSION CRITERIA AND RESUMPTION REQUIREMENTS ........ 5 7.1 Suspension criteria .................................................................................... 5 7.2 Resumption criteria ................................................................................... 6 8 TEST STRATEGY ........................................................................................
    [Show full text]
  • New Frameworks for Automated Test and Retest (ATRT) Test Case Requirement Traceability Matrix
    ISSN(Online) : 2456-8910 International Journal of Innovative Research in Applied Sciences and Engineering (IJIRASE) Volume 1, Issue 2, DOI: 10.29027/IJIRASE.v1.i2.2017.44-50, August 2017 New Frameworks for Automated Test and Retest (ATRT) Test Case Requirement Traceability Matrix R.Padmavathi P.Saravanan Research Scholar D.B.Jain College Asst Professor Department of Computer Science, Autonomous Chennai-97 D.B.Jain College Autonomous Chennai-97 [email protected] [email protected] ABSTRACT- In the software testing domain technology accessing and improving the research paper implementing automated customer requirements the automated test and retest (ATRT) is one of the an testing process. The process and tracking Innovative technical solution provider that its status and matrix is a standard of solves the uniqueness testing problem the measurement, a metrics can be performed ATRT is one of the numerous automated at as a measure can utilized and testing tools. The ATRT is a one of the way implementing to display past and present that handle are related test cases and test performance and predicting future management activities, the test case performance. processing. The processing is a hierarchical Keywords: Software testing, ATRT, break down of test cases into test scenario mapping test cases, Requirements, Test and test steps and test sub steps the user to coverage import their requirement and map test cases 1. Introduction to requirements. In the research Framework ATRT automated testing and retesting is an successfully built by reusing the test cases automated tool the tool capability that can in the research paper implementing be applied across the entire system testing continuous improvements and continuous lifecycle, the testing result in broader test integration.
    [Show full text]